14 DAY TRIAL // After being used to distribute pharma spam and lead users to survey sites, the fake Google+ invitations have also reached Facebook where scammers are using them to lure users to rogue apps.
Google's new social networking service is enjoying a lot of good reviews and a very high interest from the public.
The platform already scored 10 million users in two weeks despite being in a closed beta phase. Signing up requires an invitation from someone who is already a member and for a while such invitations were in high demand because the system was up and down.
Since there have been several ways to "invite" people to the social network, a lot of users are confused regarding what Google+ invitations actually are, how they look and how to get them.
They only know that they need one in order to get in that makes them an easy target for scammers looking to profit from the Google+ buzz.
Security researchers from Sophos warn that one such scam is currently spreading on Facebook through messages that read: "Google+ - Get Invite Unoffical Fan Page"
The advertised link takes users to a rogue Facebook app called "Google Plus - Direct Access" which asks for permission to posts on people's walls and access their profile information.
The app is used to propagate the scam and once it's installed it starts spamming the aforementioned mentioned message from people's accounts. Users are then asked to Like the rogue app page and invite as many friends as possible to it.
"What we end up with is many thousands of people who have given a third party application, written by persons unknown, complete access to their Facebook page," says Graham Cluley, a senior technology consultant at Sophos.
"That means they can later use your Facebook account to post spam messages, distribute other money-making scams, steal your personal information, and post in your name," he warns.